The Institute of Risk Management (IRM) asks JASON QIAN what working in risk is really like and what hints and tips they’d share with people looking to move into the industry.

I have been in the insurance industry for more than 17 years. My experience mainly falls into claims, operations and project management before risk management became my main focus. I started to look after risk management in parallel to my operations role six years ago. At that point, the focus was mainly operational risk. As the company’s business grew, our risk profile gradually became more sophisticated. At the same time, the insurance regulator started to put comprehensive requirements on risk management in the past a few years, in particular in the newly implemented risk oriented solvency regime (known as C-ROSS). I became the dedicated head of risk management in 2014 to concentrate on developing and enhancing our risk management framework and get up to speed with the new requirements. I was then promoted to chief risk officer after the formal implementation of C-ROSS in 2016.

Jason Qian

What’s typical day like as a chief risk officer?

WANT TO BUILD A FINANCIAL EMPIRE?

Subscribe to the Global Banking & Finance Review Newsletter for FREE Get Access to Exclusive Reports to Save Time & Money

By using this form you agree with the storage and handling of your data by this website. We Will Not Spam, Rent, or Sell Your Information. All emails include an unsubscribe link. You may opt-out at any time. See our privacy policy.

Here are some of my typical daily activities:

Review various risk information that flows to me. This could be risk incident information, risk indicator dashboard reports, etc. I may then talk to people, ask questions, make judgement or decisions, etc. I need to understand the overall risk status and make sure all the information has been adequately analysed and addressed.

Provide opinions and/or recommendations from the risk management perspective. The audience are mainly ‘first-line-of-defence’ functions and sometimes the senior management team. The topic could be operational manuals, new products, new processes, projects, etc. This is very important as we take an ‘embedded’ approach. This is a good opportunity to promote risk culture as well.

Understand the development of the company’s business and operations. This includes understanding how are things going, what is going on and what is being planned. This is important information feeds into the risk management framework. We are then able to conduct effective risk communication based on good understanding, and make relevant risk management processes and controls fit for purpose and proportionate also identifying any emerging risks in time.

Develop my team. I believe leaders and managers are all aware how important a good team is. Not to mention that my team is comparatively young and the environment is changing quite fast. Coaching and developing is sort of dynamic along with performing our daily duties.

Last but not least – keep learning. Risk management touches almost every aspect of a company. You do not have to be expert for them all but to some extent you need to be able to understand. Not to mention that our business, the industry, regulation, and risk management itself, are all constantly developing. To prevent being caught on-site, we need to always catch up.

What are the challenges?

Effective communication is constantly one of the top challenges. In a highly regulated industry, it is not uncommon that risk management is interpreted as just compliance or internal control where actually it is more than that. People’s risk appetite may vary based on their background and position. Risk assessments will inevitably be subjective to some extent, in particular for non-quantifiable risks. Risk solutions are sometimes not an obvious right-or-wrong and it is not easy to get a point as best-choice for all.

Not to mention that communication itself could be a burden as good risk management relies on adequate flows of information and it might difficult to define how much is ‘enough’.

To choose the best-suitable approaches or tools is another challenge we constantly face. A sophisticated balance need to be carefully managed when a bunch of factors need to be counted – risk profile, risk appetite, business objectives, people, process, validity, cost, efficiency, etc.

Talent might be another challenge from industry perspective. The function is still young. Both business practice and relevant regulatory requirements are constantly developing. Successful risk managers would need a set of comprehensive knowledge and skills. Qualified risk managers are still short-handed in the market.

The practical nature of the content of the qualification is helping me on a day-to-day basis. I think the design of the qualification is fantastic. It provided me with both a path of progressive essential knowledge building and an opportunity of comprehensive development. Access to plenty of relevant resources and also a good portal for continuous professional development. The knowledge and tools have helped me in addressing live situations. On the other hand, it helped me to strengthen my competency to refresh the learning points and reading materials after work from time to time.

What would you say to others thinking about joining IRM as a member?

It’s definitely worth doing, without doubt and study for the qualifications! I’d like to add that the IRM provides valuable access to professionals, leading thinking and analysis, as well as very good educational and training opportunities.

How has your role developed and what are your career ambitions? Has being linked to the IRM helped?

Top tips:

To those who want to be a risk management professional I would say start with an IRM qualification:

Risk management is not a ‘techie’ role. Be prepared to comprehensively develop yourself. I am not undermining the technical bit of risk management, which is increasingly important. What I have seen is that the further you go into the area, the more you need to deal with people.

Do not underestimate assessment of the qualification. By no means can you can pass it by just remembering bullet points. It truly requires that you understand the essentials and are able to systematically utilise them. This is also why I would recommend IRM qualification as it is real and reflects practice.

Find you own way. I do not think there is a ‘bible’ answer to many risk scenarios as in your own life. My experiences and lessons learned is to practice what you have learned as early as on as possible, review the outcome and work out the best solution for your organisation and/or yourself together with your colleagues.